<?php

if(!config::read('enabled', 'comments')) exit();

//require_once(ROOT . LIBRARY .'/phpmailer/class.phpmailer.php');
//require_once(ROOT . LIBRARY .'/captcha.class.inc');

$action  = $REQUEST->getRequestLast();
# allowed actions:
$allowed_actions = array(
   'auth',
   'add',
   'get'
);
$respond = FALSE;

if(!in_array($action, $allowed_actions)) exit();

$CM = new comments(array(
   'authority' => config::read('cm_authority'),
   'moderate'  => config::read('cm_moderate'),
));

switch($action)
{
   case 'auth':
      if(!empty($_POST['f']['login']) && !empty($_POST['f']['pwd']))
      {
         session::authorize($_POST['f']['login'], $_POST['f']['pwd'], FALSE, FALSE);
         if(session::user())
         {
            $respond = array(
               'id'=> session::user()->id
            );
         }
      }
      break;

   case 'add':
   
      $f = !empty($_POST['f']) ? $_POST['f'] : NULL;
      if(!empty($f))
      {
         $f['aid']     = !empty($f['aid']) && is_numeric($f['aid']) ? $f['aid']     : FALSE;
         $f['message'] = !empty($f['message'])                      ? $f['message'] : NULL;

         $respond = $CM->add($f);
         if($respond && !config::read('cm_moderate'))
         {
            $respond = array(
               'id' => $respond,
               'data' => $CM->load($f['aid'])
            );
         }
      }
      break;

   case 'get':
      $respond = $CM->load($id);
      break;
}

echo json_encode($respond);
exit();




if(!empty($_POST['f']['site']) && strpos($_POST['f']['site'], 'http://' !== 0)) $_POST['f']['site'] = 'http://'. $_POST['f']['site'];

$f['article'] = !empty($_POST['f']['article']) && $FILTER->isValidInteger($_POST['f']['article']) ? $_POST['f']['article'] : false;
$f['user']    = !empty($user)                  ? $user->id                                                                 : NULL;
$f['name']    = !empty($_POST['f']['name'])    ? $FILTER->ClearHtml($_POST['f']['name'], 100)                              : NULL;
$f['email']   = !empty($_POST['f']['email'])   && $FILTER->isValidEmail($_POST['f']['email'])     ? $_POST['f']['email']   : NULL;
$f['city']    = !empty($_POST['f']['city'])    ? $FILTER->ClearHtml($_POST['f']['city'], 100)                              : NULL;
$f['country'] = !empty($_POST['f']['country']) ? $FILTER->ClearHtml($_POST['f']['country'], 100)                           : NULL;
$f['site']    = !empty($_POST['f']['site'])    && $FILTER->isValidUrl($_POST['f']['site'])        ? $_POST['f']['site']    : NULL;
$f['comment'] = !empty($_POST['f']['comment']) ? $FILTER->ClearHtml($_POST['f']['comment'])                                : false;
$f['code']    = !empty($_POST['f']['code'])    ? $_POST['f']['code']                                                       : NULL;

$CP = new Captcha();

$errors = array();

if(!$f['article'])
   $errors['article'] = TRUE;

if(!$user && !$f['name'])
   $errors['name'] = TRUE;

if(!$f['comment'])
   $errors['comment'] = TRUE;

if(!$user && (!$f['code'] || !$CP->verifyCaptcha($f['code'])))
   $errors['captcha'] = TRUE;

$respond = array();
$respond['error'] = empty($errors) ? FALSE : $errors;


if(empty($errors))
{
   $hidden = config::read('cm_moderate') ? '1' : '0';
   $ip     = get_ip();

   $sql = 'INSERT INTO `meccano_comments` (`article`, `hidden`, `cdate`, `ip`, `comment`';
   if($user) 
   {
      $sql .= ', `uid`)';
   } else
   {
      $sql .= ', `name`, `email`, `city`, `country`, `site`)';
   }
   $sql .= ' VALUES ('. $f['article'] .', "'. $hidden .'", NOW(), INET_ATON("'. $ip .'"), "%s"';

   $sql_vars = array($f['comment']);
   if($user)
   {
      $sql .= ', '. $user->id .')';
   } else
   {
      $sql .= ', "%s", "%s", "%s", "%s", "%s")';
      array_push($sql_vars, $f['name'], $f['email'], $f['city'], $f['country'], $f['site']);
   }

   $DB->DB_QueryBuilder($sql, $sql_vars);

   if($DB->DB_Query())
   {
      if($hidden == 1)
      {
         $respond['moderate'] = true;
         if(config::read('manager_email'))
         {
            $MAIL = new PHPMailer();
            $MAIL->Subject = $var['comment']['inform_subject'];
            $MAIL->AddAddress(config::read('manager_email'), config::read('manager_email'));
            $MAIL->MsgHTML($f['name'] .'<br><br>'. $f['comment']);
            $MAIL->Send();
         }
      } else
      {
         $respond['moderate'] = false;
         $respond['name']    = $f['name'] != NULL ? $f['name'] : $user->surname .' '. $user->name;
         $respond['comment'] = $f['comment'];
      }
   } else
   {
      $respond['error']['db'] = TRUE;
   }
}


echo json_encode($respond);
exit();